About 2 weeks ago we had the same problem.
Ended up having to temporarily block 200.0.0.0 and 196.0.0.0. (All seemed to
have come from these 2 Class A's.)
Seemed to be a DOS that was distributed, all the same content but from all
over the place but concentrated on 1 domain.
Peaked at about 9 tps.
Took the block off after about a day. Most sources had sorted out there end
by then.
Have noticed an upsurge in address mining lately.
Regards
Steve.
----- Original Message -----
From: "Mark Foster"
Hi Guys,
We've had to block 200.0.0.0/8 from our MTAs temporarily, our mail queue jumped to around 30,000 messages at around 6:40 this morning and we're still taking more than one message per second from MTAs which are predominantly in that netblock. There are exceptions now but blocking 200/8 certainly reduced the load something chronic.
Looks like a sweep (random(a)ourdomain) looking for valid targets, and the source addresses are random(a)a-valid-but-forged-domain. As a result our MTAs are now bombarding the source domain MTA trying to bounce all the invalid addresses, and now we're getting complaints from them...
Wonder whether any other NZ ISPs have seen this happen recently or whether this is the first of many?
- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
-- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog